Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Tools/externaldata/securityevent.yaml

5 строки
4.8 KiB
YAML
Исходник Ответственный История

externaldata(TenantId:string, TimeGenerated:datetime, SourceSystem:string, Account:string, AccountType:string, Computer:string, EventSourceName:string, Channel:string, Task:int, Level:string, EventData:string, EventID:int, Activity:string, PartitionKey:string, RowKey:string, StorageAccount:string, AzureDeploymentID:string, AzureTableName:string, AccessList:string, AccessMask:string, AccessReason:string, AccountDomain:string, AccountExpires:string, AccountName:string, AccountSessionIdentifier:string, AdditionalInfo:string, AdditionalInfo2:string, AllowedToDelegateTo:string, Attributes:string, AuditPolicyChanges:string, AuditsDiscarded:int, AuthenticationLevel:int, AuthenticationPackageName:string, AuthenticationProvider:string, AuthenticationServer:string, AuthenticationService:int, AuthenticationType:string, CACertificateHash:string, CalledStationID:string, CallerProcessId:string, CallerProcessName:string, CallingStationID:string, CAPublicKeyHash:string, CategoryId:string, CertificateDatabaseHash:string, ClassId:string, ClassName:string, ClientAddress:string, ClientIPAddress:string, ClientName:string, CommandLine:string, CompatibleIds:string, DCDNSName:string, DeviceDescription:string, DeviceId:string, DisplayName:string, Disposition:string, DomainBehaviorVersion:string, DomainName:string, DomainPolicyChanged:string, DomainSid:string, EAPType:string, ElevatedToken:string, ErrorCode:int, ExtendedQuarantineState:string, FailureReason:string, FileHash:string, FilePath:string, FilePathNoUser:string, Filter:string, ForceLogoff:string, Fqbn:string, FullyQualifiedSubjectMachineName:string, FullyQualifiedSubjectUserName:string, GroupMembership:string, HandleId:string, HardwareIds:string, HomeDirectory:string, HomePath:string, ImpersonationLevel:string, InterfaceUuid:string, IpAddress:string, IpPort:string, KeyLength:int, LmPackageName:string, LocationInformation:string, LockoutDuration:string, LockoutObservationWindow:string, LockoutThreshold:string, LoggingResult:string, LogonGuid:string, LogonHours:string, LogonID:string, LogonProcessName:string, LogonType:int, LogonTypeName:string, MachineAccountQuota:string, MachineInventory:string, MachineLogon:string, MandatoryLabel:string, MaxPasswordAge:string, MemberName:string, MemberSid:string, MinPasswordAge:string, MinPasswordLength:string, MixedDomainMode:string, NASIdentifier:string, NASIPv4Address:string, NASIPv6Address:string, NASPort:string, NASPortType:string, NetworkPolicyName:string, NewDate:string, NewMaxUsers:string, NewProcessId:string, NewProcessName:string, NewRemark:string, NewShareFlags:string, NewTime:string, NewUacValue:string, NewValue:string, NewValueType:string, ObjectName:string, ObjectServer:string, ObjectType:string, ObjectValueName:string, OemInformation:string, OldMaxUsers:string, OldRemark:string, OldShareFlags:string, OldUacValue:string, OldValue:string, OldValueType:string, OperationType:string, PackageName:string, ParentProcessName:string, PasswordHistoryLength:string, PasswordLastSet:string, PasswordProperties:string, PreviousDate:string, PreviousTime:string, PrimaryGroupId:string, PrivateKeyUsageCount:string, PrivilegeList:string, Process:string, ProcessId:string, ProcessName:string, Properties:string, ProfilePath:string, ProtocolSequence:string, ProxyPolicyName:string, QuarantineHelpURL:string, QuarantineSessionID:string, QuarantineSessionIdentifier:string, QuarantineState:string, QuarantineSystemHealthResult:string, RelativeTargetName:string, RemoteIpAddress:string, RemotePort:string, Requester:string, RequestId:string, RestrictedAdminMode:string, RowsDeleted:string, SamAccountName:string, ScriptPath:string, SecurityDescriptor:string, ServiceAccount:string, ServiceFileName:string, ServiceName:string, ServiceStartType:int, ServiceType:string, SessionName:string, ShareLocalPath:string, ShareName:string, SidHistory:string, Status:string, SubjectAccount:string, SubcategoryGuid:string, SubcategoryId:string, Subject:string, SubjectDomainName:string, SubjectKeyIdentifier:string, SubjectLogonId:string, SubjectMachineName:string, SubjectMachineSID:string, SubjectUserName:string, SubjectUserSid:string, SubStatus:string, TableId:string, TargetAccount:string, TargetDomainName:string, TargetInfo:string, TargetLinkedLogonId:string, TargetLogonGuid:string, TargetLogonId:string, TargetOutboundDomainName:string, TargetOutboundUserName:string, TargetServerName:string, TargetSid:string, TargetUser:string, TargetUserName:string, TargetUserSid:string, TemplateContent:string, TemplateDSObjectFQDN:string, TemplateInternalName:string, TemplateOID:string, TemplateSchemaVersion:string, TemplateVersion:string, TokenElevationType:string, TransmittedServices:string, UserAccountControl:string, UserParameters:string, UserPrincipalName:string)
[
h@"https://STORAGEACCOUNTNAME.blob.core.windows.net/am-securityevent/SASSIG"
]
with(format="json")
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку